﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.ComponentModel.DataAnnotations;
using System.Security.Principal;

namespace AuthDemo.Web
{
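    /// <summary>
    /// Authorization rules for operations on <see cref="Widget"/> entities.
    /// </summary>
    public static class WidgetAuthorization
    {
        // Single denial message for every rejected path, so the response does not
        // reveal which precondition failed.
        private const string NotOwnerMessage =
            "Update not allowed; you are not the widget's owner!";

        /// <summary>
        /// Allows the operation only when the caller is in the "WidgetOwner" role
        /// and the caller's identity name equals the widget's <c>Owner</c>.
        /// </summary>
        /// <param name="user">The principal requesting the operation.</param>
        /// <param name="authContext">
        /// Context whose <c>Instance</c> is expected to be the <see cref="Widget"/>
        /// being authorized.
        /// </param>
        /// <returns>
        /// <c>AuthorizationResult.Allowed</c> for the owning user; otherwise a
        /// denial result carrying an error message.
        /// </returns>
        /// <remarks>
        /// The rule fails closed: a missing principal, a missing context, an
        /// instance that is not a <see cref="Widget"/>, or an empty identity name
        /// is denied rather than raising a NullReferenceException.
        /// </remarks>
        public static AuthorizationResult IsWidgetOwner(IPrincipal user,
            AuthorizationContext authContext)
        {
            if (user == null || user.Identity == null || authContext == null)
            {
                return new AuthorizationResult(NotOwnerMessage);
            }

            // 'as' yields null when Instance is absent or of another type; that
            // case must be denied, not dereferenced.
            Widget widget = authContext.Instance as Widget;
            if (widget == null)
            {
                return new AuthorizationResult(NotOwnerMessage);
            }

            // An empty caller name must never match a widget whose Owner was left
            // unset (null == null or "" == "" would otherwise grant access).
            string callerName = user.Identity.Name;
            if (string.IsNullOrEmpty(callerName))
            {
                return new AuthorizationResult(NotOwnerMessage);
            }

            // NOTE(review): the comparison is case-sensitive, as in the original;
            // confirm that Owner is stored in the same form the identity provider
            // reports for Identity.Name.
            if (user.IsInRole("WidgetOwner") && widget.Owner == callerName)
            {
                return AuthorizationResult.Allowed;
            }

            return new AuthorizationResult(NotOwnerMessage);
        }
    }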
}